shopify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill (SKILL.md) requires the installation of official Shopify CLI tools via
npm install -g @shopify/cli. While these are standard tools for the platform, the Shopify organization is not on the explicit list of pre-approved trusted entities, classifying this as a download from an unverifiable source. - [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface as it is designed to interact with external Shopify store data. * Ingestion points: Untrusted data enters the agent context via GraphQL API responses and webhook payloads (e.g., product titles and order details) as described in
references/app-development.md. * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided code examples. * Capability inventory: The skill possesses the ability to make network API requests and execute CLI commands for project management. * Sanitization: The code snippets do not demonstrate input validation or sanitization of the ingested data. - [COMMAND_EXECUTION] (SAFE): CLI commands such as
shopify app initandshopify theme devare standard tools for initialization and development. These commands are intended for legitimate project management and do not exhibit malicious patterns like privilege escalation or unauthorized persistence.
Audit Metadata